.mario Wrote:
-------------------------------------------------------
> Try working with images - the browser will attempt
> to load them even if the content came in via Ajax
> providing you load and error events.

I think you misunderstood me. My problem is not with finding an XSS vector, it's with somehow getting that XSS'd page to display for other users. My problem is that the search field can't be submitted from the URL like a normal XSS attack where a crafted URL is given to a victim (shown in my example), so I'm looking for alternatives.

Try using an iframe to the target site and overlaying the target area and then social engineering to click the button. I presume the button is activated with a JavaScript event rather than a POST or GET action. You need to be able to provide content either stored or reflected in some form to conduct an attack.

Ignore my post below, I was dumb and didn't read everything about the Ajax.

-------

Are you talking about POST vs GET?

See if you can see what the search value is, and try setting it in the URL. That sometimes works.
ex: hxxp://site.com/search.php?s="><script>alert(1);</script>

Or you can set up a free site somewhere, and do an automatic form submission:
<body onload="document.forms[0].submit()">
<form method="post" action="http://site.com/search.php">
<input type="hidden" name="search" value='"><script>alert(1);</script>'>
<input type="submit">
</form>
</body>

Then send them the URL to your free site:
http://freesite.com/evil.html
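
Added example, not written by any poster in this thread: a server-side sketch of the controls that close off both delivery routes discussed above (framing the page in an iframe, and a cross-site auto-submitted POST into the `search` field), plus encoding of the reflected value. The origin `https://site.example` and the names `TRUSTED_ORIGIN`, `isSameOriginPost` and `handleSearch` are assumptions, and the sample requests are constructed.

```javascript
// Hypothetical origin of the search application (assumption, not from the thread).
const TRUSTED_ORIGIN = "https://site.example";

// HTML-encode a value so it stays inert in element and quoted-attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Accept a POST only if the browser says it was initiated by our own origin.
// A form auto-submitted from another site carries that site's Origin header.
function isSameOriginPost(headers) {
  const origin = headers["origin"];
  if (origin !== undefined) return origin === TRUSTED_ORIGIN;
  // No Origin header: fall back to Fetch Metadata, and fail closed otherwise.
  return headers["sec-fetch-site"] === "same-origin";
}

// Takes { method, headers (lower-cased keys), form } and returns a response object.
function handleSearch(req) {
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    // No other origin may frame this page, which defeats the iframe overlay.
    "Content-Security-Policy": "frame-ancestors 'self'; script-src 'self'",
    "X-Frame-Options": "SAMEORIGIN",
  };
  if (req.method !== "POST" || !isSameOriginPost(req.headers)) {
    return { status: 403, headers, body: "Forbidden" };
  }
  // Encode on output: the reflected term is data, never markup.
  const term = escapeHtml(req.form?.search ?? "");
  const body = `<input name="search" value="${term}"><p>Results for ${term}</p>`;
  return { status: 200, headers, body };
}

// Constructed sample requests: one from a foreign page, one from the app itself.
function demo() {
  const payload = '"><script>alert(1);</script>';
  const foreign = handleSearch({
    method: "POST", headers: { origin: "http://freesite.example" },
    form: { search: payload },
  });
  const own = handleSearch({
    method: "POST", headers: { origin: TRUSTED_ORIGIN },
    form: { search: payload },
  });
  return { foreignStatus: foreign.status, ownBody: own.body };
}

console.log(demo());
```

The origin check only limits how a payload can be delivered to another user; the output encoding is what removes the reflection itself.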